LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   dhcpcd suid (https://www.linuxquestions.org/questions/linux-security-4/dhcpcd-suid-577861/)

mattydee 08-17-2007 02:23 PM
dhcpcd suid
 
Hi,

I want to give users the ability to release and renew ip from the dhcp server (my router). I set dhcpcd suid:

chmod u+s /sbin/dhcpcd

This has worked, but does anyone know if this poses a major security risk/problem?

Thanks

unSpawn 08-20-2007 12:11 PM
does anyone know if this poses a major security risk/problem
You're introducing a setuid-root binary where it isn't necessary: use sudo instead. Sudo allows you to have an audit trail of who executed what commands and if you don't trust users make sudo execute a wrapper script for the command.

mattydee 08-20-2007 01:08 PM
Quote:
Originally Posted by unSpawn (Post 2864751)
does anyone know if this poses a major security risk/problem
You're introducing a setuid-root binary where it isn't necessary: use sudo instead. Sudo allows you to have an audit trail of who executed what commands and if you don't trust users make sudo execute a wrapper script for the command.
Thanks for the reply. I eventually decided to go with sudo, letting users in group "net" run dhcpcd as root. I don't know what a wrapper script is, but I will look into that as well.

unSpawn 08-20-2007 04:57 PM
I don't know what a wrapper script is
It is just what it is: a "wrapper" around a command. Say for instance you allow users access to some command but it requires some basic logic, like first stopping then starting, or making sure the arguments are in the right order, or any arguments you can't get /etc/sudoers to work with, basically any stuff users should not try and fsck up.


All times are GMT -5. The time now is 09:15 PM.